[Openswan Users] Random connection error (timeout) for clients
Lionel Bernhardt
lionel.bernhardt at eurocash.eu
Tue Nov 13 03:36:11 EST 2012
Hello,
I am experiencing a weird problem with my server.
Randomly, some users (PC with 3G internet access) can get a timeout error
when trying to connect to the server. The connection problem can sometimes
be solved with a PC reboot, but not every time.
The strange thing is that while one of them is trying to connect, I can separately
connect with my 3G phone connection without any trouble.
This problem occurs randomly, but most often during the daytime.
I didn't experience it with my ADSL internet connection from home.
The only thing I noted in /var/log/auth.log is:
Nov 12 15:48:46 vpn pluto[1292]: packet from 80.214.9.52:3241: received and
ignored informational message
Nov 12 15:50:18 vpn pluto[1292]: packet from 80.214.1.57:15211: ignoring
Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Nov 12 15:50:18 vpn pluto[1292]: packet from 80.214.1.57:15211: ignoring
Vendor ID payload [FRAGMENTATION]
Nov 12 15:50:18 vpn pluto[1292]: packet from 80.214.1.57:15211: received
Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Nov 12 15:50:18 vpn pluto[1292]: packet from 80.214.1.57:15211: ignoring
Vendor ID payload [Vid-Initial-Contact]
Nov 12 15:50:18 vpn pluto[1292]: "L2TP-PSK-NAT"[575] 80.214.1.57 #1028:
responding to Main Mode from unknown peer 80.214.1.57
Nov 12 15:50:18 vpn pluto[1292]: "L2TP-PSK-NAT"[575] 80.214.1.57 #1028:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Nov 12 15:50:18 vpn pluto[1292]: "L2TP-PSK-NAT"[575] 80.214.1.57 #1028:
STATE_MAIN_R1: sent MR1, expecting MI2
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[575] 80.214.1.57 #1028:
NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[575] 80.214.1.57 #1028:
transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[575] 80.214.1.57 #1028:
STATE_MAIN_R2: sent MR2, expecting MI3
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[575] 80.214.1.57 #1028: Main
mode peer ID is ID_FQDN: '@eurocash-67caee'
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[575] 80.214.1.57 #1028:
switched from "L2TP-PSK-NAT" to "L2TP-PSK-NAT"
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1028:
deleting connection "L2TP-PSK-NAT" instance with peer 80.214.1.57
{isakmp=#0/ipsec=#0}
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1028:
transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1028: new
NAT mapping for #1028, was 80.214.1.57:15211, now 80.214.1.57:38379
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1028:
STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY
cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1028: peer
client type is FQDN
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1028:
Applying workaround for MS-818043 NAT-T bug
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1028: IDci
was FQDN: \303\006\214+, using NAT_OA=10.211.63.77/32 0 as IDci
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1028: the
peer proposed: xxx.xxx.xxx.xxx/32:17/1701 -> 10.211.63.77/32:17/0
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1029:
responding to Quick Mode proposal {msgid:6de05eb8}
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1029:
us: xxx.xxx.xxx.xxx<xxx.xxx.xxx.xxx>[+S=C]:17/1701
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1029:
them: 80.214.1.57[@eurocash-67caee,+S=C]:17/1701===10.211.63.77/32
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1029:
transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1029:
STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1029:
netlink_raw_eroute: WARNING: that_client port 0 and that_host port 1701
don't match. Using that_client port.
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1029:
transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1029:
STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0xb714c51c
<0xb93bea89 xfrm=3DES_0-HMAC_MD5 NATOA=10.211.63.77 NATD=80.214.1.57:38379
DPD=none}
Nov 12 15:50:21 vpn pluto[1292]: initiate on demand from
xxx.xxx.xxx.xxx:1701 to 80.214.1.57:1701 proto=17 state: fos_start because:
acquire
Nov 12 15:50:54 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1028:
received Delete SA(0xb714c51c) payload: deleting IPSEC State #1029
Nov 12 15:50:54 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1028:
ERROR: netlink XFRM_MSG_DELPOLICY response for flow eroute_connection delete
included errno 2: No such file or directory
Nov 12 15:50:54 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1028:
received and ignored informational message
Nov 12 15:50:55 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1028:
received Delete SA payload: deleting ISAKMP State #1028
Nov 12 15:50:55 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57: deleting
connection "L2TP-PSK-NAT" instance with peer 80.214.1.57
{isakmp=#0/ipsec=#0}
How can I solve this one?
Thanks for your valuable help.
lionel
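
An added example, not part of the original post: a small Python triage script for a pluto log like the one above, listing IPsec SAs that the peer deleted shortly after they were established, together with any NAT port remap logged for that peer. The function name, the 60-second threshold and the regular expressions are assumptions made for this illustration; the sample lines are taken from the posted log with the mail line-wrapping undone.

```python
import re
from datetime import datetime

# Lines excerpted from the log in the post above, with mail line-wrapping undone.
SAMPLE = """\
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1028: new NAT mapping for #1028, was 80.214.1.57:15211, now 80.214.1.57:38379
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1029: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0xb714c51c <0xb93bea89 xfrm=3DES_0-HMAC_MD5 NATOA=10.211.63.77 NATD=80.214.1.57:38379 DPD=none}
Nov 12 15:50:54 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1028: received Delete SA(0xb714c51c) payload: deleting IPSEC State #1029
"""

# timestamp, peer address and message text of a per-connection pluto line
LINE = re.compile(r'^(\w{3} +\d+ [\d:]+) \S+ pluto\[\d+\]: "[^"]+"\[\d+\] (\S+) #\d+: (.*)$')
ESTABLISHED = re.compile(r'IPsec SA established .*ESP=>(0x[0-9a-f]+)')
DELETED = re.compile(r'received Delete SA\((0x[0-9a-f]+)\) payload')
REMAP = re.compile(r'new NAT mapping for #\d+, was (\S+), now (\S+)')

def short_lived_sas(text, max_seconds=60):
    """Return IPsec SAs that the peer deleted within max_seconds of setup."""
    opened, remapped, hits = {}, {}, []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        stamp, peer, msg = m.groups()
        # syslog omits the year; only differences between stamps are used
        when = datetime.strptime("2012 " + stamp, "%Y %b %d %H:%M:%S")
        if (r := REMAP.search(msg)):
            remapped[peer] = (r.group(1), r.group(2))
        elif (e := ESTABLISHED.search(msg)):
            opened[e.group(1)] = (peer, when)      # keyed by outbound ESP SPI
        elif (d := DELETED.search(msg)) and d.group(1) in opened:
            peer0, start = opened.pop(d.group(1))
            life = int((when - start).total_seconds())
            if life <= max_seconds:
                hits.append({"peer": peer0, "spi": d.group(1), "seconds": life,
                             "nat_remap": remapped.get(peer0)})
    return hits

if __name__ == "__main__":
    for hit in short_lived_sas(SAMPLE):
        print(hit)
```

Run over a full auth.log, the output shows whether the short-lived sessions cluster on particular peers or coincide with NAT port remaps.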